Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Thu 24 May 2007

Mail Servers and DNS

Category : Technology/MailServersAndDNS.txt

James Keating wrote me a question :

Can we run two (or more) mail servers for a single domain?

The answer is not a simple yes. Neither is it a no. And this had set me thinking. I reproduce my answer below in the hope that this can help other people understand mail servers better, as well as their relationship with the domain name system.

Usually you run one mail server for a single domain. You can have other mail servers for that domain, but these are used as backups that will get the mail when the primary mail server is down.

Start with the simplest case, where you have one mail server for the domain and this mail server sits on the machine you reach by typing its domain name. For example, ksd140.org sits on 207.63.165.6 and the mail server is also on that machine, on IP address 207.63.165.6. In this case, you don't even need to create an MX record.

Second case, where the mail server sits on a different machine from the machine known as ksd140.org. For example, the mail server sits on a machine with an IP address of 207.63.105.131, reachable via a host name called mail.ksd140.org. Then you need to have an MX record in the Domain Name System to declare that mail.ksd140.org is performing the function of the mail server for the domain, ksd140.org.

In DNS Enabler, this is specified as

Hostname IP Alias mail.ksd140.org 207.63.105.131 MX[10]ksd140.org

or, simply,

Hostname IP Alias mail.ksd140.org 207.63.105.131 MX[10]

because, if you leave out the domain name after the square brackets, DNS Enabler assumes that you're referring to the primary domain, ksd140.org.

This is what happens when someone sends a message to james@ksd140.org. The originating mail server will check if there is an MX record for the domain, ksd140.org. If there is, it will follow that record and know that it has to send the message to the machine, mail.ksd140.org, which is acting as the mail server for that domain. If there isn't an MX record, it will send the message directly to the machine, ksd140.org.

Third case, where you can have more than one mail server acting as mail servers for that domain, but these are secondary mail servers acting as backups for the primary mail server.

For example, if mail2.ksd140.org on IP address 207.63.105.132 is the backup mail server for mail.ksd140.org, for the domain ksd140.org, then we will denote its status as a backup by setting it with a higher MX number :

Hostname IP Alias mail.ksd140.org 207.63.105.131 MX[10] mail2.ksd140.org 207.63.105.132 MX[20]

This is what happens when an originating mail server tries to send a message to james@ksd140.org and finds that the primary mail server is down. It will look up the MX records for the domain and see if it can find the next higher-numbered MX record to send the message to. If this is also down, it goes on down the line to the next record until it either succeeds in sending the message or fails entirely.

Fourth case. We can have another mail server, not acting as mail server for the domain, but acting on its own right :

Hostname IP Alias wmail.ksd140.org 10.10.2.99

In this example, this mail server is reachable only by machines on the internal private network, and it can be used as an outgoing smtp server for any mail client on the internal network.

However, in this case, if we're using the MailServe setup panel, we must take care to enter wmail.ksd140.org into the Domain Name field, rather than ksd140.org, otherwise the Postfix running on wmail.ksd140.org will mistakenly hang on to all mail destined for users on ksd140.org.

There is a fifth case, where wmail.ksd140.org acts as the mail server for another host machine entirely, say, host2.ksd140.org.

For completeness, this is how we set up DNS Enabler :

Hostname IP Alias wmail.ksd140.org 10.10.2.99 MX[10]host2.ksd140.org

and then the Domain Name field in MailServe should be set as host2.ksd140.org, but I think your eyes are all glazed over by now and I'd better stop.

All this is to say that our little programs, MailServe and DNS Enabler, can actually do a heck of a lot. Hope all these make sense.

Posted at 1:24AM UTC | permalink

Wed 23 May 2007

8000 Customers

Category : Commentary/8000Customers.txt

We've reached 8000 unique customers for our products. That may not seem like much. But it's a milestone nevertheless.

If and when we hit 10,000. That will be something.

Posted at 2:36PM UTC | permalink

Sun 06 May 2007

The White Road Journey

Category : Commentary/WhiteRoadJourney.txt

Gary Erickson, in "Raising The Bar - Integrity and Passion in Life and Business", makes a distinction between White-Road bike journeys and Red-Road ones.

"Michelin maps defined roads as red, yellow, or white. Main roads, busy with buses, trucks, and cars, were marked boldly in red. Yellow roads were minor arteries, not as big as red roads but well traveled. The hundreds of roads branching off from the red and yellow roads were marked in white. We started on the red road, moved to the yellow, and by day three our mantra became ride the white road. White roads held adventure as well as the most spectacular views. We met people face-to-face rather than at bus stops or gas stations...

We felt happy with our performance and exhilarated by the adventure, the people we met, and the beauty of the roads. We hadn't set out with a final destination in mind, and when our time was up, we found ourselves in Innsbruck, Austria... We were as strong as we had ever been and as happy. We relished the white roads, the true roads "less traveled".

"We hadn't set out with a final destination in mind."

Years later, Erickson, maker of Clif Bar energy bars for athletes, faced wth having to sell his company or to go on ahead as an independent entrepreneur, drew on his experience on the white-road jouneys to decide that it's the journey that's going to be the greater reward.

This book is a great read of those of us who find ourselves lost, from time to time, on our own white road journeys - for you do get lost on those white roads. It's for remembering that being lost is part of the pleasure of the journey when you're not moving to the beat of someone else's drum. Life has a way of opening up interesting new vistas (and I'm not talking of the Microsoft kind), at the next turn, when you least expect it.

Two other great books, if you're into such stuff, are Yvon Chouinard's Patagonia - "Let My People Go Surfing: The Education of a Reluctant Businessman", and Dean Karnazes's "Ultramarathon Man: Confessions of an All-Night Runner".

Posted at 8:12AM UTC | permalink

Fri 13 Apr 2007

Leopard delayed. And I get a new lease of life.

Category : Commentary/leopardDelayed.txt

I was beginning to understand that I wasn't going to be able to get new versions of MailServe, DNS Enabler and WebMon out in time if Leopard were to be released in May or June. Quite a few things still don't work, like SMTP authentication using SASLDB and CRAM-MD5, e.g., which I've been struggling with over the last three weeks.

The trouble is, it's hard to find any information over the web, due to the non-disclosure agreement. So we have to be circumscribed about it. Let's just say, imagine NetInfo is gone, and so is lookupd. What do we have to do, to do things in an equivalent way?

That's the kind of things that need to be solved, before we can even think about putting in new features or taking advantage of the new interface elements in Leopard.

So, Leopard being delayed to October is great, at least for me. No excuses, though, if I don't then do a better job by October.

SMTP authentication using SASL is something that had broken each time we moved from Jaguar to Panther to Tiger, and now to Leopard. Each time I had found a solution, but not, as it seems, this time. I've been tempted to drop support for it. But I'll keep on trying. Maybe it's just a bug that'll be fixed in a subsequent release. Hopefully. Because I've run out of ideas.

On a happier note, I've got an LDAP (Light-weight Directory Access Protocol) Server running, at last, with help from Scott Riggins, who sent over some instructions, and I've got it running also on Leopard, no less. LDAP will link Address Book and email, and provide a single sign-on to authenticate users with mail, web and database servers. Imagine you get a new staff. You enter his data into the HR system, some of which goes into the LDAP system. He's then able to use his single password to logon on to the email and database systems, and his contact information appears automatically in everyone's address book. Same goes for a debtor or creditor record, originating in accounting. Centralised control or storage of information, but automatic propagation to wherever it might be useful. I can imagine how that can be made to help small companies, as well as the big ones. It used to be that this kind of power is only available to the companies with the big IT staff. The ones with the big iron. But now it's possible to make this available in a one-click installer/configurator that'll run on any stock, consumer OS X machine, available to all. That's power. The power to subvert the established order. The power, as Apple used to say, to be your best.

Posted at 3:07PM UTC | permalink

Wed 14 Mar 2007

Luca 2.5.4

Category : Technology/Luca2dot5dot4.txt

I've updated Luca to work with the OS X 10.4.9 that was just released today.

But, more importantly, this 2.5.4 release of Luca contains a new "Batch Postings" button (see below). One of the problems with transitioning Luca to a "shrink wrapped application", when it used to be a custom-built application that I embed into enterprise systems in my previous life as a custom software vendor, is that I won't be anywhere physically near the system when anything goes wrong with it.

And one of the things that could go wrong is that the accounts stop balancing - due to a program bug or a loop-hole in the assumptions we used to model the business rules. Now, in a custom built application, I would usually be able to go over to the customer's site to trouble-shoot and patch the data to make the accounts balance again.

But it would be difficult to do this once we scale this to support hundreds or thousands of users all over the world.

So, the Batch Postings button allows the user, once he realises from the Trial Balance that the accounts do not balance, to clear the balances and tally up the postings again from each voucher for that particular month. This should get everything to balance again and propagate the corrected balances forward to the following months.

Usually this will be accompanied by a bug fix for the problem that caused the totals to go out of whack in the first place. Between the bug fix release and the "Batch Postings" button, I should be able to let the user go through months of trouble-free usage.

Or at least, that's the plan.

I used to have a utility that allows the user to check the health of the system and to actually pin-point the exact voucher or transaction that caused the accounts not to balance. That's one more thing to put in before I'd feel that I'd gotten Luca to the point where it could take any abuse that a user could throw at it.

Posted at 4:10AM UTC | permalink

Mac OS X Tiger 10.4.9

Category : Commentary/10dot4dot9.txt

I've just updated my live server to Mac OS X Tiger 10.4.9.

It looks OK to update. MailServe/Postfix Enabler, WebMon and DNS Enabler all continue to work OK.

Posted at 3:23AM UTC | permalink

Fri 09 Mar 2007

Taking a break across the Causeway

Category : Commentary/Muar.txt

I'm going up to Muar for the weekend. Actually, I'm looking forward to it. It's a two-hour drive across the Causeway. I wonder if I can find Internet access while I'm there. Otherwise I won't be able to get my mail.

Posted at 8:56AM UTC | permalink

What's right about being a Mac fanatic?

Category : Commentary/MacFanaticsRUs.txt

It's strucked me, while working on getting DNS Enabler, WebMon, and MailServe, etc, to work on Leopard, that the Mac user community gets a certain unique benefit, in terms of higher quality of software, when the Mac developers are themselves Mac fanatics.

Let me explain.

What we like most about Macs is that they just work. And, if you're so devoted to that idea, you come in with a very real appreciation for the pristine state in which the system is delivered. And, if you're a developer, you try very hard not to upset that state. Otherwise the Mac will stop being a Mac.

And that's what's happening when I'm trying, say, to get all the MaiServe features to work again on Leopard (some are broken; I'm still figuring why).

I try to determine absolutely the least amount of changes that I need to make to the system, to give the user the most in terms of the added capabilities, like POP or IMAP, or support for installing SSL certs without the sweat.

And I need to think ahead about how to restore the system to its pristine state, if at all possible, whenever the user chooses to de-install those capabilties.

And so, all these are hard to do. But, if you're a Mac fan, you can't see how it could work any other way.

Posted at 8:42AM UTC | permalink

Luca 2.5.3 Released

Category : Technology/Luca2dot5dot3.txt

Rio from Indonesia has been using Luca and he's hit a problem while trying to close a financial year. I had introduced a bug when I switched from using floating point arithmetic to using the higher precision NSDecimalNumbers. This bug prevents the year-end closing script from completing and it seems to have affected only SQLite users and not MySQL or PostgreSQL.

Anyway, I've fixed it in the 2.5.3 release and the year-end closing function will now work across all three database types. You can download Luca 2.5.3 from here.

I've managed to build a Leopard-compatible version of Luca. I've been experimenting with Leopard while I fixed that year-end closing bug. The 2.5.x releases mark the point where I transition to Leopard and see what new features in Cocoa I can take advantage of in Luca. There will be a Luca 3.0 when Leopard ships.

Posted at 8:01AM UTC | permalink

Thu 01 Mar 2007

Disneyland for Developers

Category : Technology/DisneylandForDevelopers.txt

I heard that phrase some weeks ago, I'm not sure where. I'm now fully on to Leopard, running it full-time on a MacBook, and I feel like I'm in it - this is Disneyland for Developers. So much to explore, and so fun.

But a Leopard launch for end March? I certainly doubt it. It looks like we have some ways to go yet.

Ideally I should have two machines running Leopard - one that's kept at the base-line fresh-install state so I can use that to compare against the changes I'm making to the other system. But I haven't the resources.

I've been very careful to note the state of the system after a fresh install. But even then I'm always wondering if a file is there or wasn't there, or wiped out by something I was doing. So I've clean-installed the system at least three times now to check.

This is back-breaking work. WebMon doesn't work because the web server's changed (for the better!, I think). I can't yet start up the dns server using DNS Enabler. And anyone who hacks Postfix Enabler/MailServe to set up the mail server on Leopard now is just going to mess up his system. I can't even get Luca to compile. So there's quite a lot of things waiting to be straightened out.

I have that Jackson Browne song going through my head - "I dropped my life and couldn't find the pieces".

I'm going to clean up MailServe, DNS Enabler and WebMon so they'll all work with Leopard, and see what new things I can build into them (from reviewing the mail I had been getting). Then I'm going to get back to building on Luca and Maven.

Understandably, Leopard's not stable yet. And I hate it when some of the things I've grown to love and trust have been changed, and not necessarily for the better. But there's so much new technology out there now that's just crying out to be exploited. So that's keeping the interest strong in spite of the instability. I don't know about other people, but I can do this forever.

Posted at 6:45AM UTC | permalink

Fri 23 Feb 2007

Leopard

Category : Technology/LeopardDevProg.txt

I've been having problems downloading the Leopard releases from Developer Connection. I kept getting disconnected before the downloads can finish.

I have two broadband lines coming into my home/office. One, the higher speed 3500 kbps line, kept getting disconnected at around the 559 MB point through the download. The other, a slower 512 kbps line, didn't have the same problem, but because it's a 5.1 GB install, it can take over 24 hours to download, and something or other would happen and I would always find the download either failed or timed-out when I next looked at it.

Now, I remember the last time we had a major OS X upgrade, moving from Panther to Tiger, I had the same problem. So I gave up downloading the developer releases after December, skipping the next two or so releases, thinking that things are not going to change much at the system-level going into the final release. I'd already seeded a few people with a Tiger-compatible version of Postfix Enabler and I hadn't gotten any feedback that anything was amiss. But that turned out to be almost a fatal mistake.

Thinking back, I wonder how I could have been so complacent. When Tiger was released, I relased Postfix Enabler on the same day, and the downloads (and payments) started coming in, seconds after I've updated my web site. A couple of hours later, I received this :

"First of all, thank you for writing and distributing this software. Postfix Enabler is currently starting postfix just fine (as far as I can tell) and claims to have started imap. However, something is wrong with pop3. When you try to start it the button goes away and comes right back. There's nothing in /var/log/mail.log about pop having done anything. Looking in /var/log/system.log reveals that "Server /usr/local/libexec/ipop3d is not executable [line=9]" So I manually copied the ipop3d binary out of the Postfix Enabler package and into /usr/local/libexec/ This allows ipop3d to start. I can get mail via pop3. However, pop3s fails."

What happened was that Apple deprecated the use of xinetd in the release version of Tiger, though it was still there in my developer version. Everything now had to go through the launch daemons mechanism. Imagine, the money was pouring in (and I should be so happy), but some things weren't working and I hadn't a clue what was happening. If I couldn't solve it, I would have to return every one of those dollars. So I took the download link off with an apology that I'm working on a fix, drove through heavy downtown traffic to get a shrink-wrapped copy of Tiger, and spent the next seven hours debugging it. The story had a happy ending. Postfix Enabler was put back on-line, the downloads resumed (again, seconds after updating my web page and that was so amazing, and so did the money), and this had kept on going all the way till now, almost two years later (talk about a long tail).

But I'm not going to make the same mistake again. So I thought I was going to stop everything else I was working on to make sure I have a way to always download the latest developer releases, all the way to golden master (do they still call the final release that, or is this so 20th century?).

I've tried everything - Safari, iGetter, Firefox, CyberDuck - but nothing worked for me. I needed to know what was happening at the point of failure. So I cobbled together some code from the Developer Examples that came with Xcode (the Downloader and the MiniBrowser sample code). And the result is what you see in the picture above.

Look closely - it's not Safari. I've duplicated enough of the Safari features to get the downloads to work so I can trace what is happening when they fail. In the end I've found a solution. The downloads were failing at the (mysterious) 559 MB point if I don't use a proxy web server. If I use that ISP's proxy server, the downloads don't get cut off anymore.

(I wonder why - nothing turned up on Google - maybe not many people download over 5 GB at one go).

So this should work also with Safari. It shouldn't now get cut off at 559 MB. But because I've concentrated on the download process, and every line of code has to do with download and nothing more, downloads using my version seem to run somewhat faster. I'm now able to download a Leopard release in about four hours. So that's a lot of improvement.

The application itself is not really much. You can download it from here.

But what I'd like to do, when I get the time, is to enhance it so that it can break the downloads into parts, like iGetter does. Plus a few other things.

I've said it many times. Cocoa is a wonderful software development platform. I've always wondered how Safari's downloads window works, Like how do you get the progress bar with those little round buttons and icon into a normal table view? Turns out that it only took a few lines of code. Totally amazing.

If I don't maintain some discipline I could go on forever into all these tangents. This is Disneyland for developers. But people have been asking about MailServe/Postfix Enabler/WebMon/DNS Enabler for Leopard. It's time to focus on the task at hand.

Posted at 7:51AM UTC | permalink

Sun 28 Jan 2007

The Relentless Pursuit of Perfection

Category : Commentary/relentless.txt

I'm reading "Lexus: The Relentless Pursuit" by Chester Dawson. There's this passage :

"During the F1 project team's first tour of the U.S. in 1985 (F1 was Toyota's code name for the car that came to be called the Lexus), [Chief Engineer Ichiro] Suzuki had taken copious notes, especially about the idiosyncracies of upper-income car-buyers on the West Coast. Even after taking control of the program, Suzuki personally made several return visits to study his target audience. During one visit in late September of 1987, six months after being appointed to head the program, he led a small team to a mission-style house in an expensive suburb of Los Angeles. The Japanese visitors had never seen such opulence in a private home except, perhaps, on the silver screen. Because of the extreme scarcity of land in Japan's urban centers and the high cost of housing, many Japanese spend most of their lives in cramped one- or two-bedroom apartments. Even the homes owned by top executives in Japan paled by comparison with the tidy estates of upper-middle-class Americans, to say nothing of the palatial spreads of the very rich. Members of Suzuki's reconnaissance team secured access to the living rooms of these conspicuous consumers and took snapshots of everything from the stucco exteriors to the interior decor. They wanted to get a feel for the aesthetic values that resonated with the wealthiest Americans. Nothing escaped notice: varnished wood mantles and exposed brick fireplaces; richly upholstered sofas; glass-topped coffee tables and plush carpeting; eggshell-white walls; the grand piano in the corner and the silver tea set in the dining room; the chandelier in the entrance foyer, and the arched doorway leading off to a bathroom. All exemplified a highly refined taste and understated sophistication. It was a lifestyle utterly foreign to the visiting Japanese and underscored the feeling that they had their work cut out to produce a car that could appeal to such people..."

What's this got to do with software development?

From the technical point of view, the work that goes into building great software is a lot like the work that went into the making of the Lexus. There's the same meticulous attention to detail, fueled by the same drive to achieve perfection.

But from the business point of view, unfortunately, there the similarity ends.

Software is hidden. It works behind the scenes. The same CEO who buys a Lexus, in an ostentatious display of wealth, status and earning ability, is often the same CEO who will squeeze the living daylights out a software vendor, in the mistaken belief that it demonstrates his superior ability to save his company money.

So we, the software guys, get caught at the wrong end of the game. Look how the incentives are skewed. The more people a manager has working for him, the better he looks, the bigger the perceived responsibility, and the bigger the corner office. He can make all the right noises about investing in productivity, but great software or systems that actually deliver on that productivity are working at cross purposes with his real un-stated needs. Like, why have an accounting department with just two people when you can look like a powerhouse of a business with a VP for Finance and a staff of fifteen?

I believe Microsoft succeeds better than Apple in business because it understands better the real concerns of the CEOs, CFOs and CIOs. Or least better than Steve Jobs, who see orifices where others see opportunities.

Look how Apple has struggled selling to enterprises. The Mac's superior design and craftsmanship cut no ice with these members of the modern-day politburo.

One would have thought that, if you can appreciate a Lexus or BMW or a Merce, then you should also definitely appreciate a Mac. I know I do but never mind...

But this is the point I am coming to. An aspiring (and struggling) entrepreneur ought to study Apple religiously, for the responses it has made to fight its way out of its predicament, because we share more traits with Apple, with the need to find creative solutions to interesting conundrums such as these, than we do with Bill Gates. Really.

So the day Apple launched the iPod, I remember turning to my wife and saying, I believe Apple has found the key.

They've found the product to pour all their heart and soul, ingenuity and endeavour into, that finally shares those strange economic characteristics of the Beamers and the Benzes and the Lexus. Something that all the cool kids would want to use. And be seen to be using. And the more they have to pay for it, and have people know they paid for it, the better it will be.

And so when Steve Ballmer says of the iPhone, "500 dollars? Hah hah, for the most expensive phone in the world, by far, Hah hah", I thought, that's precisely why people will buy it. And they'll place it on those splendid burnished tables in executive suites everywhere, in that understated, languid way that only the rich can affect, and there's nothing the IT managers, CEOs and CFOs can do about it.

I believe it's no accident that Steve Jobs called all the people who worked on the iPhone to stand up in MacWorld. It may be to call attention to the idea that this phone has been built, painstakingly and meticulously, with love and a genuine craftsman's pride. So this will be just the right phone for all those people with "understated sophistication and a highly refined taste".

This could be Apple's revenge for all those years of getting shafted by an un-imaginative competition, united only by a desperate need to maintain the mediocre status quo. All it has to do now is to deliver on the promise and make good on the execution. Then, like in an Ayn Rand world where Atlas shrugged and the Fountainhead flows, justice would have been served.

Posted at 2:43PM UTC | permalink